/Knowledge/sources/honojs__hono/llms-full/jwk-auth-middleware-what-this-middleware-validates--c21ab50c14f3.md

JWK Auth Middleware: What this middleware validates - hono-docs

JWK Auth Middleware: What this middleware validates Source evidence: /Sources/honojs hono/provenance.md Canonical citation: https://hono.dev/llms full.txt wh...

JWK Auth Middleware: What this middleware validates

Source evidence: /Sources/honojs__hono/provenance.md Canonical citation: https://hono.dev/llms-full.txt#what-this-middleware-validates

Summary

For each token, jwk(): - Parses and validates the JWT header format. - Requires a kid header and finds a matching key by kid. - Rejects symmetric algorithms (HS256, HS384, HS512). - Requires the header alg to be included in...

Content

For each token, jwk():

  • Parses and validates the JWT header format.
  • Requires a kid header and finds a matching key by kid.
  • Rejects symmetric algorithms (HS256, HS384, HS512).
  • Requires the header alg to be included in the configured alg allowlist.
  • If a matched JWK has an alg field, requires it to match the JWT header alg.
  • Verifies the token signature with the matched key.
  • By default, validates time-based claims: nbf, exp, and iat.

Optional claim validation can be configured with the verification option:

  • iss: validates issuer when provided.
  • aud: validates audience when provided.

If you need additional token checks beyond the above (for example, custom application-level authorization rules), add them in your own middleware after jwk().

:::info The Authorization header sent from the client must have a specified scheme.

Metadata

{
  "chunk_index": 0,
  "citation": "https://hono.dev/llms-full.txt#what-this-middleware-validates",
  "coverage_role": "overview",
  "qualified_title": "Hono / llms-full / JWK Auth Middleware > What this middleware validates (1)",
  "retrieved_at": "2026-07-02T05:51:01Z",
  "section_index": 319,
  "source_id": "/honojs/hono",
  "source_type": "llms_full",
  "target_label": "llms-full",
  "title": "JWK Auth Middleware: What this middleware validates",
  "upstream_url": "https://hono.dev/llms-full.txt",
  "version": "2026"
}
Kinic Wiki
Loading knowledge node
Details

Identity

database
db_23dhmsxlhukv
database_id
db_23dhmsxlhukv
path
/Knowledge/sources/honojs__hono/llms-full/jwk-auth-middleware-what-this-middleware-validates--c21ab50c14f3.md
kind
directory
role
markdown_note
children
0

Metadata

created_at
virtual
updated_at
virtual
etag
virtual
metadata_json
{}

Lint Hints

No lightweight warnings.

Outgoing Links

No outgoing links indexed.

Incoming Links

Select a file node to inspect backlinks.

Raw Source

No raw source path inferred.